[SOLVED] DHCP, named - nslookup fine, ping not from Windows clients only



Postby strfr » 2011/10/09 20:31:51

Dear all,

Having a hard time getting things to work:

I have set up DHCP and BIND on my server. The Linux box has no problem doing nslookup on the short names of my virtual servers, pinging them, etc. Windows clients can do nslookup on short names, but they cannot ping them or show web pages running on my virtual servers.

192.168.66.10 - bind, dhcp, openvpn etc.
192.168.66.11 - application server

here are my configs:
[root@zoidberg etc]# cat named.conf
# named.custom - custom configuration for bind
#
# Any changes not currently supported by system-config-bind should be put
# in this file.

#acl "adserver" {
#       192.168.66.3;
#};

acl "dhcpserver" {
        192.168.66.10;
};

acl "dhcpclient" {
        192.168.66/24;
};

options {
    query-source    port 53;
    query-source-v6 port 53;
    directory "/var/named";
    dump-file "data/cache_dump.db";
    statistics-file "data/named_stats.txt";
    memstatistics-file  "data/named_mem_stats.txt";
    listen-on { 192.168.66.10; 127.0.0.1; };
    forwarders { 213.46.172.36; 213.46.172.37; };
    allow-query { 127.0.0.1; 192.168.66.0/24; };
};

include "/etc/rndc.key";

view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
    match-clients       { localhost; };
    match-destinations  { localhost; };
    recursion yes;
    # all views must contain the root hints zone:
    include "/etc/named.root.hints";
    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "/etc/named.rfc1912.zones";

    zone  "66.168.192.in-addr.arpa" {
        type master;
        file  "slaves/db.192.168.66";
        allow-update { dhcpserver; };
        check-names ignore;
    };

    zone  "int.motion.cz" {
        type master;
        file  "slaves/db.int.motion.cz";
        allow-update { dhcpserver; };
        check-names ignore;
    };


};


view "internal"
{
    match-clients       { localnets; };
    match-destinations  { localnets; };
    recursion yes;
    // all views must contain the root hints zone:
    include "/etc/named.root.hints";

    // include "named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.

    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :

    zone  "66.168.192.in-addr.arpa" {
        type master;
        file  "slaves/db.192.168.66";
        allow-update { dhcpserver; };
        check-names ignore;
    };

    zone  "int.motion.cz" {
        type master;
        file  "slaves/db.int.motion.cz";
        allow-update { dhcpserver; };
        check-names ignore;
    };

    #zone  "_msdcs.int.motion.cz" {
    #   type master;
    #   file  "slaves/db._msdcs.int.motion.cz";
    #   allow-update { adserver; };
    #   check-names ignore;
    #};

    #zone  "_sites.int.motion.cz" {
    #   type master;
    #   file  "slaves/db._sites.int.motion.cz";
    #   allow-update { adserver; };
    #   check-names ignore;
    #};

    #zone  "_tcp.int.motion.cz" {
    #   type master;
    #   file  "slaves/db._tcp.int.motion.cz";
    #   allow-update { adserver; };
    #   check-names ignore;
    #};

    #zone  "_udp.int.motion.cz" {
    #   type master;
    #   file  "slaves/db._udp.int.motion.cz";
    #   allow-update { adserver; };
    #   check-names ignore;
    #};

    #zone "my.slave.internal.zone" {
    #    type slave;
    #    file "slaves/my.slave.internal.zone.db";
    #    masters { /* put master nameserver IPs here */ 127.0.0.1; } ;
    #    // put slave zones in the slaves/ directory so named can update them
    #};

    #zone "my.ddns.internal.zone" {
    #    type master;
    #    allow-update { key ddns_key; };
    #    file "slaves/my.ddns.internal.zone.db";
    #    // put dynamically updateable zones in the slaves/ directory so named can update them
    #};
};


[root@zoidberg slaves]# cat db.192.168.66
$ORIGIN .
$TTL 86400      ; 1 day
66.168.192.in-addr.arpa IN SOA  zoidberg.int.motion.cz. root.motion.cz. (
                                2011102066 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )
                        NS      zoidberg.int.motion.cz.
$ORIGIN 66.168.192.in-addr.arpa.
1                       PTR     gw.int.motion.cz.
10                      PTR     zoidberg.int.motion.cz.
11                      PTR     bender.int.motion.cz.
12                      PTR     vMA.int.motion.cz.
2                       PTR     switch.int.motion.cz.
3                       PTR     t610.int.motion.cz.
4                       PTR     ups.int.motion.cz.
$TTL 10800      ; 3 hours
53                      PTR     lt-komarek.int.motion.cz.
54                      PTR     test-desktop.int.motion.cz.
[root@zoidberg slaves]#


[root@zoidberg slaves]# cat db.int.motion.cz
$ORIGIN .
$TTL 86400      ; 1 day
int.motion.cz           IN SOA  zoidberg.int.motion.cz. root.motion.cz. (
                                2011102073 ; serial
                                28800      ; refresh (8 hours)
                                7200       ; retry (2 hours)
                                2419200    ; expire (4 weeks)
                                86400      ; minimum (1 day)
                                )
                        NS      zoidberg.int.motion.cz.
$ORIGIN int.motion.cz.
bender                  A       192.168.66.11
dev                     CNAME   bender
$ORIGIN dev.int.motion.cz.
*                       CNAME   dev.int.motion.cz.
$ORIGIN int.motion.cz.
gw                      A       192.168.66.1
$TTL 10800      ; 3 hours
lt-komarek              A       192.168.66.53
                        TXT     "3104a734adc422b84f563c39ce6a7f6828"
$TTL 86400      ; 1 day
stage                   CNAME   bender
$ORIGIN stage.int.motion.cz.
*                       CNAME   stage.int.motion.cz.
$ORIGIN int.motion.cz.
svn                     CNAME   bender
$TTL 10800      ; 3 hours
test-desktop            A       192.168.66.54
                        TXT     "006921d2c0445ec8e5b679c8018ef4ceaf"
$TTL 86400      ; 1 day
zoidberg                A       192.168.66.10
[root@zoidberg slaves]#


[root@zoidberg dhcp]# cat dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#


ddns-update-style interim;
ignore client-updates;
authoritative;

subnet 192.168.66.0 netmask 255.255.255.0 {

# --- default gateway
option routers                  192.168.66.1;
option subnet-mask              255.255.255.0;
option nis-domain               "int.motion.cz";
option domain-name              "int.motion.cz";
option domain-name-servers      192.168.66.10;
option time-offset              3600;   # GMT+1
#       option ntp-servers              192.168.1.1;
#       option netbios-name-servers     192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
#       option netbios-node-type 2;

range dynamic-bootp 192.168.66.50 192.168.66.254;
default-lease-time 21600;
max-lease-time 43200;

# we want the nameserver to appear at a fixed address
#    host ns {
#        next-server marvin.redhat.com;
#        hardware ethernet 12:34:56:78:AB:CD;
#       fixed-address 207.175.42.254;
#    }
}[root@zoidberg dhcp]#


[root@zoidberg etc]# cat hosts
127.0.0.1      zoidberg zoidberg.int.motion.cz localhost localhost.localdomain
192.168.66.10  zoidberg.int.motion.cz
[root@zoidberg etc]#


Any help appreciated, thank you for your time
strfr
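An added check, not from the thread: the posted reverse zone carries PTR records (switch, t610, ups, vMA) that have no matching A record in db.int.motion.cz, and that sort of drift is what dynamically updated zones tend to accumulate. The Python below parses master files in exactly the form strfr posted ($ORIGIN and $TTL directives, a multi-line SOA in parentheses, ';' comments, a blank owner meaning "same owner as the previous record", optional TTL and class) and reports A records with no matching PTR and PTRs with no matching A. The embedded zone text is a trimmed copy of the two posted files (the .53 PTR and several other records are left out to keep it short), so the pairs it reports are for that subset, not for the full files; the parser is an assumption of this example, not BIND's.

```python
# Added example, not part of the thread: forward/reverse consistency check
# over zone files in the master-file format posted above.
import re


def qualify(name, origin):
    """Make a master-file name absolute relative to the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"


# ';' starts a comment unless it sits inside a quoted string (TXT data)
_COMMENT = re.compile(r';(?=(?:[^"]*"[^"]*")*[^"]*$).*')


def parse_zone(text, origin="."):
    """Minimal RFC 1035 master-file parser. Returns (owner, type, rdata)
    triples; owners and NS/CNAME/PTR targets come back fully qualified."""
    records, owner, buf, depth = [], None, [], 0
    for raw in text.splitlines():
        line = _COMMENT.sub("", raw)
        if not line.strip():
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue                              # record continues on next line
        joined, buf = " ".join(buf), []
        toks = joined.replace("(", " ").replace(")", " ").split()
        if toks[0] == "$ORIGIN":
            origin = toks[1]
            continue
        if toks[0] == "$TTL":
            continue                              # TTLs are irrelevant to this check
        if joined[0].isspace():
            toks.insert(0, owner)                 # blank owner = previous owner
        owner = qualify(toks[0], origin)
        rest = toks[1:]
        if rest and rest[0].isdigit():
            rest = rest[1:]                       # optional per-record TTL
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]                       # optional class
        rtype, rdata = rest[0].upper(), rest[1:]
        rdata = qualify(rdata[0], origin) if rtype in ("NS", "CNAME", "PTR") else " ".join(rdata)
        records.append((owner, rtype, rdata))
    return records


def ptr_owner_to_ip(owner):
    """'12.66.168.192.in-addr.arpa.' -> '192.168.66.12'"""
    labels = owner.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {owner}")
    return ".".join(reversed(labels[:-2]))


def check_forward_reverse(forward_records, reverse_records):
    """Return the (name, ip) pairs that exist in only one direction."""
    a = {(o.lower(), r) for o, t, r in forward_records if t == "A"}
    ptr = {(r.lower(), ptr_owner_to_ip(o)) for o, t, r in reverse_records if t == "PTR"}
    return {"a_without_ptr": sorted(a - ptr), "ptr_without_a": sorted(ptr - a)}


# Constructed sample input: trimmed copies of the two files posted in the thread.
REVERSE_ZONE = """\
$ORIGIN .
$TTL 86400      ; 1 day
66.168.192.in-addr.arpa IN SOA  zoidberg.int.motion.cz. root.motion.cz. (
                                2011102066 ; serial
                                28800 7200 2419200 86400 )
                        NS      zoidberg.int.motion.cz.
$ORIGIN 66.168.192.in-addr.arpa.
1                       PTR     gw.int.motion.cz.
10                      PTR     zoidberg.int.motion.cz.
11                      PTR     bender.int.motion.cz.
12                      PTR     vMA.int.motion.cz.
2                       PTR     switch.int.motion.cz.
"""
FORWARD_ZONE = """\
$ORIGIN .
$TTL 86400
int.motion.cz           IN SOA  zoidberg.int.motion.cz. root.motion.cz. (
                                2011102073 28800 7200 2419200 86400 )
                        NS      zoidberg.int.motion.cz.
$ORIGIN int.motion.cz.
bender                  A       192.168.66.11
dev                     CNAME   bender
$ORIGIN dev.int.motion.cz.
*                       CNAME   dev.int.motion.cz.
$ORIGIN int.motion.cz.
gw                      A       192.168.66.1
$TTL 10800
lt-komarek              A       192.168.66.53
                        TXT     "3104a734adc422b84f563c39ce6a7f6828"
zoidberg                A       192.168.66.10
"""

if __name__ == "__main__":
    for direction, pairs in check_forward_reverse(parse_zone(FORWARD_ZONE), parse_zone(REVERSE_ZONE)).items():
        print(direction, pairs)
```

Run it as-is to see the two mismatch lists for the sample; feed it the real files with `parse_zone(open("/var/named/slaves/db.int.motion.cz").read())` and the reverse file to check a live pair. Because both zones accept dynamic updates, it is worth running after DHCP has churned leases for a while; BIND writes pending updates to the .jnl journal first, so freeze the zones with `rndc freeze` (and `rndc thaw` afterwards) or run `rndc sync` before trusting the on-disk files.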

Re: DHCP, named - nslookup fine, ping not from Windows clients only

Postby TrevorH » 2011/10/09 22:40:12

Since ping and web connections are not working but DNS resolution is, are you sure that you are not being denied by iptables rules?
TrevorH

Re: DHCP, named - nslookup fine, ping not from Windows clients only

Postby strfr » 2011/10/10 07:32:08

thank you for your reply TrevorH.
Yes, I am sure; I have the iptables service configured properly, and ping is not working even with iptables disabled.

[root@zoidberg dhcp]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:44010
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp spts:67:68 dpts:67:68
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

[root@zoidberg dhcp]#
strfr

Re: DHCP, named - nslookup fine, ping not from Windows clients only

Postby strfr » 2011/10/10 08:52:48

Well, to be more precise: I can ping my application server by name (bender), but I cannot ping the virtual servers on it by their short name (siky.dev for example). I can ping them by their full name (dev.int.motion.cz)...

c:\Users\Administrator.LT-KOMAREK\Desktop>nslookup siky.dev
Server:  zoidberg.int.motion.cz
Address:  192.168.66.10

Name:    bender.int.motion.cz
Address:  192.168.66.11
Aliases:  siky.dev.int.motion.cz
          dev.int.motion.cz


c:\Users\Administrator.LT-KOMAREK\Desktop>


c:\Users\Administrator.LT-KOMAREK\Desktop>ping siky.dev.int.motion.cz

Pinging bender.int.motion.cz [192.168.66.11] with 32 bytes of data:
Reply from 192.168.66.11: bytes=32 time<1ms TTL=64
Reply from 192.168.66.11: bytes=32 time<1ms TTL=64
Reply from 192.168.66.11: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.66.11:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milliseconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
c:\Users\Administrator.LT-KOMAREK\Desktop>ping siky.dev
Ping request could not find host siky.dev. (cannot find the host; sorry, I have Czech international settings on the testing machine..)
Please check the name and try again.

c:\Users\Administrator.LT-KOMAREK\Desktop>
strfr

Re: DHCP, named - nslookup fine, ping not from Windows clients only

Postby TrevorH » 2011/10/10 09:07:24

That looks more like your Windows is set up without the equivalent of "search int.motion.cz" in /etc/resolv.conf, but I don't have a Windows system to look at to see how you might configure it. Off the top of my head, it's done from the GUI in control panel -> networking -> $LAN-adapter -> Properties -> TCP/IP -> Properties -> Advanced (they like to make it easy to find!)
TrevorH

Re: DHCP, named - nslookup fine, ping not from Windows clients only

Postby strfr » 2011/10/10 11:10:43

OK, will try that and report back... thanks again!
strfr

Re: DHCP, named - nslookup fine, ping not from Windows clients only

Postby strfr » 2011/10/10 12:49:01

OK, on Windows 7 I can get it to work by enabling "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" in gpedit.msc: Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> DNS Client

Vista and XP do not have it, so I guess I have to add the suffix in the TCP/IP protocol properties / Advanced...

Thanks for the hint, TrevorH! I just could not believe it cannot be managed centrally from the Linux server..

Regards
strfr
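The behaviour in the posts above, modelled as an added Python example (this is not code from the thread, from BIND or from Windows; it is a model of the rules involved). It loads the records from the posted db.int.motion.cz into a dict, answers queries the way BIND answers them for that zone (exact owner first, then the `*.dev.int.motion.cz` wildcard, then the CNAME chain down to bender), and then generates the candidate names a stub resolver would actually send for the unqualified name "siky.dev": glibc's search/ndots rules on the Linux box, versus the Windows DNS Client, which by default appends the DHCP-supplied suffix only to single-label names such as "bender". The gpedit setting strfr enabled is the AppendToMultiLabelName policy value under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient; nslookup.exe "worked" all along because it appends the suffixes itself instead of going through the DNS Client service, which is why it is a poor test of what ping or a browser will see. The search list, the ndots value of 1 and the candidate ordering are simplifying assumptions of this example, and Windows name devolution is ignored.

```python
# Added example, not from the thread: why "siky.dev" resolves for the Linux
# box and for nslookup but not for ping on a default Windows client.

MAX_CNAME_CHAIN = 8  # guard against CNAME loops in a broken zone

# Constructed from the posted db.int.motion.cz; owners written fully
# qualified instead of relying on the file's $ORIGIN lines.
ZONE_APEX = "int.motion.cz."
ZONE = {
    "bender.int.motion.cz.":       ("A",     "192.168.66.11"),
    "dev.int.motion.cz.":          ("CNAME", "bender.int.motion.cz."),
    "*.dev.int.motion.cz.":        ("CNAME", "dev.int.motion.cz."),
    "gw.int.motion.cz.":           ("A",     "192.168.66.1"),
    "lt-komarek.int.motion.cz.":   ("A",     "192.168.66.53"),
    "stage.int.motion.cz.":        ("CNAME", "bender.int.motion.cz."),
    "*.stage.int.motion.cz.":      ("CNAME", "stage.int.motion.cz."),
    "svn.int.motion.cz.":          ("CNAME", "bender.int.motion.cz."),
    "test-desktop.int.motion.cz.": ("A",     "192.168.66.54"),
    "zoidberg.int.motion.cz.":     ("A",     "192.168.66.10"),
}


def _fqdn(name):
    return (name if name.endswith(".") else name + ".").lower()


def _exists(zone, name):
    """A node exists if it owns records or is an ancestor of an owner
    (an 'empty non-terminal' in DNS terms)."""
    return any(o == name or o.endswith("." + name) for o in zone)


def lookup(zone, apex, qname):
    """Authoritative lookup with RFC 4592 wildcard matching: an exact owner
    wins; otherwise '*.<closest encloser>' answers, where the closest
    encloser is the longest existing ancestor of the query name."""
    qname = _fqdn(qname)
    if qname != apex and not qname.endswith("." + apex):
        return None                          # not our zone at all
    if qname in zone:
        return zone[qname]
    if _exists(zone, qname):
        return None                          # empty non-terminal: no data, no wildcard
    labels = qname.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if _exists(zone, ancestor):
            return zone.get("*." + ancestor)  # None means NXDOMAIN
    return None


def resolve(zone, apex, qname):
    """Follow CNAMEs to an A record. Returns (address or None, chain of names)."""
    chain = [_fqdn(qname)]
    for _ in range(MAX_CNAME_CHAIN):
        rr = lookup(zone, apex, chain[-1])
        if rr is None:
            return None, chain
        rtype, rdata = rr
        if rtype == "A":
            return rdata, chain
        chain.append(_fqdn(rdata))           # CNAME target, keep following
    return None, chain                       # chain too long, probably a loop


def candidates(name, search, ndots=1, client="linux", append_multilabel=False):
    """Names a stub resolver sends for an unqualified name (simplified).
    linux: glibc search/ndots. windows: suffixes are appended to single-label
    names, and to multi-label names only with AppendToMultiLabelName set."""
    if name.endswith("."):
        return [name]                        # already absolute
    as_is = [name + "."]
    with_suffix = [f"{name}.{s.strip('.')}." for s in search]
    dots = name.count(".")
    if client == "linux":
        return as_is + with_suffix if dots >= ndots else with_suffix + as_is
    if client == "windows":
        return with_suffix + as_is if (dots == 0 or append_multilabel) else as_is
    raise ValueError(f"unknown client {client!r}")


def client_resolve(zone, apex, name, **kw):
    """What ping or a browser gets: the first candidate that resolves."""
    for cand in candidates(name, **kw):
        addr, chain = resolve(zone, apex, cand)
        if addr is not None:
            return addr, chain
    return None, []


if __name__ == "__main__":
    search = ["int.motion.cz"]
    for label, kw in [("linux", dict(client="linux")),
                      ("windows default", dict(client="windows")),
                      ("windows + AppendToMultiLabelName", dict(client="windows", append_multilabel=True))]:
        for n in ("bender", "siky.dev"):
            addr, chain = client_resolve(ZONE, ZONE_APEX, n, search=search, **kw)
            print(f"{label:34} {n:9} -> {addr or 'not found':14} {' -> '.join(chain)}")
```

Running it prints one line per client/name pair; "bender" resolves everywhere, "siky.dev" only on Linux and on Windows with the policy enabled, matching what the thread observed. The wildcard means every label under dev (and stage) lands on bender, so a typo such as "siky.dve" fails while "anything.dev" succeeds; the chain guard is there because a zone that accepts dynamic updates can end up with looping CNAMEs, and a resolver without a cap will spin.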

[SOLVED] DHCP, named - nslookup fine, ping not from Windows

Postby pschaff » 2011/10/12 13:32:53

Thanks for reporting back. Sounds like a Windows issue, but glad you got the correct suggestion from Trevor to figure it out. Marking this thread [SOLVED] for posterity.
pschaff

